Hello,
I posted a more verbose message earlier and did not get any replies, so please forgive me if I appear a bit clueless.
Is there any way, using iptables or some other command-line tool, to manage the Netfilter connection hash tables? More specifically, I would like to be able to remove ASSURED connections as a component of a method to cut off existing connections that are suspected of virus activity. I really don't want to use a tool like cutter to send RSTs... It just seems that it would be much cleaner to directly manipulate the hash.
Also, I have been noticing some occasional problems with ASSURED entries possibly disappearing from the Netfilter connection hash (causing a rule which checks for packets without SYN and not ESTABLISHED to start dropping packets, which kills legitimate connections), and I'm trying to find a way to log or somehow determine what caused the entry to be removed... I'm not sure logging RSTs or FINs will locate all reasons for a table entry drop.
Any assistance or helpful direction someone could provide me would be appreciated.
Thanx.
-- Markley Dykeman
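Editor's added example, not part of the post above or any reply to it: the user-space tool for the first question is conntrack(8) from conntrack-tools, which lists (`conntrack -L`) and deletes (`conntrack -D`) entries directly in the kernel's conntrack table, without sending RSTs. The script below parses the listing format that `conntrack -L` and `/proc/net/nf_conntrack` print, selects only the ASSURED entries in which a suspect host is an endpoint, and builds the exact `conntrack -D` invocation for each one. The listing lines, the suspect host 10.0.0.5 and the addresses are constructed sample data; the `-p`, `-s`, `-d`, `--sport` and `--dport` options are real conntrack(8) options, and the tool needs root to touch the live table.

```python
"""Added example (editor's code, not from the original post): find ASSURED
conntrack entries involving a suspect host and build the conntrack(8) delete
commands that remove them from the kernel table directly.

Assumptions: conntrack-tools is installed (for the live mode only), and the
listing is in the whitespace-separated key=value form that `conntrack -L` and
/proc/net/nf_conntrack both use. SAMPLE below is constructed, not captured.
"""
import re
import shlex
import subprocess

# Constructed sample of `conntrack -L` output (addresses from documentation
# ranges). Only the first line is an ASSURED flow involving 10.0.0.5.
SAMPLE = """\
tcp      6 431999 ESTABLISHED src=10.0.0.5 dst=192.0.2.10 sport=52144 dport=443 src=192.0.2.10 dst=10.0.0.5 sport=443 dport=52144 [ASSURED] mark=0 use=1
tcp      6 118 SYN_SENT src=10.0.0.5 dst=192.0.2.11 sport=52145 dport=25 [UNREPLIED] src=192.0.2.11 dst=10.0.0.5 sport=25 dport=52145 mark=0 use=1
tcp      6 431999 ESTABLISHED src=10.0.0.7 dst=192.0.2.12 sport=40000 dport=22 src=192.0.2.12 dst=10.0.0.7 sport=22 dport=40000 [ASSURED] mark=0 use=1
udp      17 29 src=10.0.0.5 dst=192.0.2.53 sport=5353 dport=53 src=192.0.2.53 dst=10.0.0.5 sport=53 dport=5353 mark=0 use=1
"""

KV = re.compile(r"^(\w+)=(\S+)$")
TUPLE_KEYS = ("src", "dst", "sport", "dport")


def parse_entry(line):
    """Parse one conntrack listing line into a dict, or None for blank lines.

    Layout: [l3proto l3num] l4proto l4num timeout [STATE] key=value... with
    [FLAGS] tokens mixed in. The first src/dst/sport/dport tuple is the
    original direction, the second is the reply direction."""
    tokens = line.split()
    if tokens and tokens[0] in ("ipv4", "ipv6"):   # /proc/net/nf_conntrack prefix
        tokens = tokens[2:]
    if len(tokens) < 3:
        return None
    entry = {"proto": tokens[0], "protonum": int(tokens[1]),
             "timeout": int(tokens[2]), "state": None, "flags": set(),
             "orig": {}, "reply": {}}
    for tok in tokens[3:]:
        if tok.startswith("[") and tok.endswith("]"):
            entry["flags"].add(tok[1:-1])            # ASSURED, UNREPLIED, ...
            continue
        m = KV.match(tok)
        if not m:
            entry["state"] = tok                     # TCP state, e.g. ESTABLISHED
            continue
        key, val = m.groups()
        if key in TUPLE_KEYS:
            side = entry["orig"] if key not in entry["orig"] else entry["reply"]
            side[key] = val
        else:
            entry[key] = val                         # mark, use, zone, ...
    return entry


def suspect_assured(entries, host):
    """Return only ASSURED entries where `host` is an endpoint of the flow."""
    return [e for e in entries
            if "ASSURED" in e["flags"]
            and host in (e["orig"].get("src"), e["orig"].get("dst"))]


def delete_command(entry):
    """Build the conntrack(8) invocation that deletes exactly this entry,
    keyed on the original-direction tuple."""
    o = entry["orig"]
    cmd = ["conntrack", "-D", "-p", entry["proto"], "-s", o["src"], "-d", o["dst"]]
    if "sport" in o and "dport" in o:
        cmd += ["--sport", o["sport"], "--dport", o["dport"]]
    return cmd


def plan_cuts(listing, host):
    """Turn a listing into the list of delete commands for `host`."""
    entries = [e for e in (parse_entry(l) for l in listing.splitlines()) if e]
    return [delete_command(e) for e in suspect_assured(entries, host)]


def run_cuts(host, execute=False):
    """Live mode: read the kernel table with `conntrack -L` (root required)
    and delete the suspect host's ASSURED flows. Dry run unless execute=True."""
    listing = subprocess.run(["conntrack", "-L"], capture_output=True,
                             text=True, check=True).stdout
    for cmd in plan_cuts(listing, host):
        print(shlex.join(cmd))
        if execute:
            subprocess.run(cmd, check=True)


if __name__ == "__main__":
    for cmd in plan_cuts(SAMPLE, "10.0.0.5"):
        print(shlex.join(cmd))
```

Run as-is it only prints the planned deletions for the sample; `run_cuts("10.0.0.5", execute=True)` applies them to the live table. Deleting an entry does not tear the TCP session down on either host; it only makes the next packet of that flow arrive with no conntrack state, which is exactly what a rule dropping non-SYN, non-ESTABLISHED packets then acts on. For the second question in the post, `conntrack -E -e DESTROY -o timestamp` streams every removal from the table as it happens, which is a better starting point than logging RSTs and FINs, but the event does not say why the entry went away (timeout, RST, or an explicit delete), so it has to be correlated with the entry's remaining timeout and with packet logs.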